⛅ China Weather Lookup Tool (中国天气查询工具)

Security checks across malware telemetry and agentic risk

Overview

This is a weather lookup skill whose network requests and small local city-code cache fit its stated purpose.

Install this if you are comfortable with weather queries being sent to weather providers and with searched city names being saved locally in citys.txt for future lookups. For vague prompts without a city, the agent should ask for location confirmation before using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill documentation instructs use of Python, curl, and browser/network access, but no declared permissions are present to match those capabilities. This creates a transparency and policy-enforcement gap: an agent or reviewer may underestimate that the skill can perform outbound requests and potentially read/write local data while handling weather queries.

Description-Behavior Mismatch

Medium
Confidence
93%
Finding
The tool performs a side effect that is not implied by a normal weather-query skill: it persists remotely sourced city names and codes into a local file without explicit user consent or clear disclosure. In an agent/runtime context, hidden file writes can create integrity and privacy risks, allow unbounded state growth, and make future behavior depend on attacker-influenced network responses.
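The risk in this finding is that whatever a remote endpoint returns ends up on disk and steers every later lookup. The example below is added for this page and is not the skill's own code: it puts the blind append the finding describes next to a writer that validates both fields, re-validates on read, caps the number of entries and replaces the file atomically. The 9-digit city-code format is inferred from the 101010100 code in the flagged weather.com.cn URL, and the name pattern, the 500-entry cap and the Shanghai sample code are assumptions for the example.

```python
import os
import re
import tempfile

# Assumption: weather.com.cn city codes are 9-digit numeric strings such as
# "101010100" (the Beijing code in the flagged URL). Not stated on the page.
CITY_CODE_RE = re.compile(r"^\d{9}$")
# Assumption: a city name is 1-32 letters, CJK ideographs, spaces or hyphens.
CITY_NAME_RE = re.compile(r"^[A-Za-z\u4e00-\u9fff][A-Za-z\u4e00-\u9fff \-]{0,31}$")
MAX_ENTRIES = 500  # bound on cache growth; policy value assumed for the example


def unsafe_persist(path, name, code):
    """The behaviour the finding describes: append whatever the network returned."""
    with open(path, "a", encoding="utf-8") as f:
        f.write(f"{name},{code}\n")


def validate_entry(name, code):
    """Accept only well-formed (name, code) pairs; raise ValueError otherwise."""
    if not isinstance(name, str) or not isinstance(code, str):
        raise ValueError("non-string entry")
    if any(ch in name for ch in "\r\n,"):
        raise ValueError("separator character in city name")
    if not CITY_NAME_RE.match(name):
        raise ValueError(f"rejected city name: {name!r}")
    if not CITY_CODE_RE.match(code):
        raise ValueError(f"rejected city code: {code!r}")
    return name, code


def load_cache(path):
    """Re-validate every line on read so a poisoned file cannot steer lookups."""
    entries = {}
    if not os.path.exists(path):
        return entries
    with open(path, encoding="utf-8") as f:
        for line in f:
            parts = line.rstrip("\r\n").split(",")
            if len(parts) != 2:
                continue  # malformed line: drop it rather than trust it
            try:
                n, c = validate_entry(parts[0], parts[1])
            except ValueError:
                continue
            entries[n] = c
    return entries


def safe_persist(path, name, code, max_entries=MAX_ENTRIES):
    """Validated, bounded, atomic write. Returns the number of cached entries."""
    name, code = validate_entry(name, code)
    entries = load_cache(path)
    if name not in entries and len(entries) >= max_entries:
        raise ValueError("cache full; refusing to grow without review")
    entries[name] = code
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".citys-")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        for n, c in sorted(entries.items()):
            f.write(f"{n},{c}\n")
    os.replace(tmp, path)  # readers see either the old file or the new one
    return len(entries)


def demo():
    """Run both writers against a temporary citys.txt and report what survives."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "citys.txt")
        safe_persist(path, "北京", "101010100")
        safe_persist(path, "Shanghai", "101020100")  # sample code, constructed
        # A response an attacker-influenced endpoint might return: the blind
        # writer stores it, the validating reader discards it.
        unsafe_persist(path, "Evil\n../../etc/passwd", "x; curl evil.example")
        rejected = 0
        for bad in (("Beijing\n", "101010100"), ("Beijing", "1010101000"), ("", "101010100")):
            try:
                safe_persist(path, *bad)
            except ValueError:
                rejected += 1
        with open(path, encoding="utf-8") as f:
            raw_lines = sum(1 for _ in f)
        return {"cache": load_cache(path), "rejected": rejected, "raw_lines": raw_lines}
```

Validating on read as well as on write matters because the file itself is attacker-reachable state once a poisoned line has landed; the reader never trusts a line just because the skill wrote it earlier.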

Vague Triggers

Medium
Confidence
80%
Finding
The trigger phrases are broad enough to match ordinary conversation such as general weather small-talk, causing the skill to activate in contexts the user may not intend. Overbroad invocation increases the chance that the agent will make unnecessary network requests or route unrelated prompts through this skill without clear consent.
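To make the overbreadth concrete, the example below (added here, not the skill's trigger definition) contrasts a keyword trigger of the kind the finding describes with a matcher that only invokes the skill when the prompt names a location, and otherwise follows the overview's guidance to ask for the location first. The trigger words, the stop-word list and the regular expressions are assumptions constructed for the example.

```python
import re

# Broad trigger set of the kind the finding describes: any mention of weather
# anywhere in the prompt fires the skill. (Constructed; not the skill's own list.)
BROAD_TRIGGERS = ("weather", "forecast", "temperature", "天气", "气温", "预报")

# Time words that precede a city in Chinese requests and must not be mistaken
# for the location. Assumed list for this example.
NOT_PLACES = ("今天", "明天", "后天", "昨天", "现在", "最近")

# Stricter trigger: the request must name a location. Patterns are assumptions
# for this example, not the skill's actual trigger definition.
STRICT_PATTERNS = (
    # "weather in Beijing", "forecast for New York", ...
    re.compile(
        r"\b(?:weather|forecast|temperature)\b[^.?!]*?\b(?:in|for|at)\s+"
        r"(?P<city>[A-Z][A-Za-z\-]+(?:\s[A-Z][A-Za-z\-]+)*)"
    ),
    # "北京天气", "上海的气温", ...
    re.compile(r"(?P<city>[\u4e00-\u9fff]{2,10}?)(?:的)?(?:天气|气温|预报)"),
)


def broad_match(prompt):
    """Overly broad trigger: fires on small talk such as 'nice weather today'."""
    low = prompt.lower()
    return any(t in low for t in BROAD_TRIGGERS)


def strict_match(prompt):
    """Return the city named in an explicit weather request, else None."""
    text = prompt
    for w in NOT_PLACES:
        text = text.replace(w, "")
    for pat in STRICT_PATTERNS:
        m = pat.search(text)
        if m:
            return m.group("city")
    return None


def route(prompt):
    """Decide what the agent should do with a prompt.

    invoke  - explicit request with a city: run the skill for that city
    confirm - weather-ish wording but no city: ask the user before any lookup
    skip    - nothing to do with weather, the skill is not involved
    """
    city = strict_match(prompt)
    if city:
        return ("invoke", city)
    if broad_match(prompt):
        return ("confirm", None)
    return ("skip", None)
```

The point of the `confirm` branch is that no network request leaves the host until the user has named a location; small talk that merely mentions the weather never reaches the providers on its own.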

External Transmission

Medium
Category
Data Exfiltration
Content
agent-browser open "https://www.weather.com.cn/weather/101010100.shtml"

# 2. curl reads open-meteo.com
curl -s "https://api.open-meteo.com/v1/forecast?latitude=39.9042&longitude=116.4074&current_weather=true&daily=temperature_2m_max,temperature_2m_min,weathercode&timezone=Asia%2FShanghai"

# 3. wttr.in
curl -s "wttr.in/Beijing?T"
Confidence
86%
Finding
https://api.open-meteo.com/
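The least-privilege finding above says the skill declares no network capability, and this finding lists the commands that use one. The example below, added for this page and not part of the skill or of SkillSpector, does what a reviewer would do by hand: it writes down the outbound hosts the flagged commands actually use as an explicit declaration, then extracts every URL from those commands and checks it against that declaration. The declaration format is an assumption. It also flags the wttr.in command, whose URL has no scheme; curl treats a scheme-less URL as http://, so that request leaves the host in clear text.

```python
import re
from urllib.parse import urlsplit

# Constructed declaration of the network capability the skill should carry;
# the page shows no such declaration (that is the least-privilege finding).
# Host names come from the flagged commands; the format is an assumption.
DECLARED_NETWORK = {
    "www.weather.com.cn": {"https"},
    "api.open-meteo.com": {"https"},
    "wttr.in": {"https"},
}

# The flagged commands from the skill's documentation, copied from the scan.
SKILL_COMMANDS = """
agent-browser open "https://www.weather.com.cn/weather/101010100.shtml"
curl -s "https://api.open-meteo.com/v1/forecast?latitude=39.9042&longitude=116.4074&current_weather=true&daily=temperature_2m_max,temperature_2m_min,weathercode&timezone=Asia%2FShanghai"
curl -s "wttr.in/Beijing?T"
"""

URL_RE = re.compile(r'"([^"\s]+)"')  # the quoted argument of curl / agent-browser


def extract_urls(commands):
    """Pull the quoted URL arguments out of the documented commands."""
    return URL_RE.findall(commands)


def check_url(url, declared=DECLARED_NETWORK):
    """Return a list of problems; an empty list means the URL is within declaration."""
    problems = []
    if "://" not in url:
        # curl sends a scheme-less URL over plain http://, so note it and
        # evaluate the URL the way curl would actually use it.
        problems.append("no scheme (curl defaults to http://)")
        url = "http://" + url
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host not in declared:
        problems.append(f"undeclared host {host!r}")
    elif parts.scheme not in declared[host]:
        problems.append(f"scheme {parts.scheme!r} not allowed for {host!r}")
    return problems


def audit(commands=SKILL_COMMANDS, declared=DECLARED_NETWORK):
    """Map each documented URL to its list of problems."""
    return {u: check_url(u, declared) for u in extract_urls(commands)}
```

Running `audit()` passes the two https endpoints and reports two problems for `wttr.in/Beijing?T`: the missing scheme, and the resulting plain-http request to a host declared https-only. A reviewer would want the skill's documentation to write that URL as https://wttr.in/... before accepting the declaration.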

VirusTotal

63/63 vendors reported this skill as clean (no detections).
